Investor Portal
← Back to home

Privacy Policy

Last updated: 15 June 2026

This notice explains how Haverstock Capital LLP (“Haverstock”, “we”, “us”) handles personal data in connection with our public website, haverstockcapital.co.uk, and our investor portal at portal.haverstockcapital.co.uk. It is issued under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our applicant site at join.haverstockcapital.co.uk has its own privacy notice covering recruitment data.

Controller

The data controller is Haverstock Capital LLP, registered in England and Wales, of St Martin’s Courtyard, 11 Slingsby Place, London WC2E 9AB. For data-protection queries, email ir@haverstockcapital.co.uk.

What we collect on this site

This site is marketing content with a single contact facility. It does not take uploads, host a chat or require login. The personal data we handle is:

  • Your IP address and request metadata, logged by our hosting reverse proxy (Caddy) for security, abuse prevention and aggregate traffic monitoring. Logs are retained for up to 30 days and then rotated.
  • A small consent record stored in your browser’s localStorage if you interact with our cookie banner. This is held only on your device and never sent to us.
  • If you choose to use the contact form: your name, email address, organisation (optional) and message - see “Contact form and enquiry routing” below.

Contact form and enquiry routing

The “Contact us” option routes enquiries by category. If you submit a form, we receive your name, email address, organisation (if given) and message by email, and use them solely to handle your enquiry. The legal basis is Article 6(1)(f) UK GDPR (legitimate interests). Enquiry emails are retained for as long as needed to deal with the enquiry and then deleted in the ordinary course.

If you pick “Something else”, the short description you type is sent once to Anthropic’s API (United States) so an AI model can suggest the right destination for it. Only that text is sent - no name, email address, IP address or identifier accompanies it - and under Anthropic’s commercial API terms it is not used to train AI models. If the routing service is unavailable, your enquiry simply falls back to the standard form.

Investor portal

Access to portal.haverstockcapital.co.uk is reserved for institutional investors at approved firms. When you use the portal we handle:

  • Sign-in details - your business email address (checked against our list of approved firms to confirm eligibility), and, where you sign in with Microsoft, the email and name returned by your Microsoft work account.
  • Authentication data - a one-time sign-in code sent to your email, or a Microsoft sign-in, together with a strictly-necessary session cookie (hc_portal) that keeps you signed in for up to eight hours.
  • Usage telemetry - the pages and materials you view within the portal, used to understand how our materials are used and to keep the portal secure.
  • Access requests - if your firm is not yet approved, the name, firm, email and context you choose to provide so we can consider your request.

We process this on the basis of Article 6(1)(f) UK GDPR (legitimate interests, in operating and securing the portal and managing investor relationships) and, as an FCA-authorised firm, to meet our regulatory and record-keeping obligations. One-time codes and session data are short-lived; we use Microsoft (authentication and email) and Postmark (delivering sign-in codes) as providers for these features.

Cookies and similar storage

We do not set tracking, analytics, advertising or profiling cookies. The only items we place are strictly necessary:

  • haverstock-cookie-consent - your choice from the consent banner. Stored in localStorage on your device.

The “Find Us” section can show a Google Maps embed. If shown, Google sets its own cookies. We do not load the Maps embed unless you explicitly opt in via the consent banner or the “Show map” button. Until you do, the map area shows a static placeholder and a link to open the map in a new tab on Google’s own site, which is subject to Google’s privacy policy.

LinkedIn posts on this site

The “Get to Know Us” section shows recent public posts by Haverstock’s team and our company page on LinkedIn. We fetch the post text and a still image of each post on our own servers and serve them from our domain. We do not embed LinkedIn iframes, load LinkedIn scripts, or share any data about you with LinkedIn. Clicking through to a post takes you to LinkedIn, where LinkedIn’s own policies apply.

Purposes and legal bases

We process the limited data described above on the basis of Article 6(1)(f) UK GDPR (legitimate interests) for the purposes of operating, securing and improving our marketing site.

Recipients

We share limited operational data with the following providers acting on our instructions:

  • Microsoft (Azure, United Kingdom region) - hosting provider for this website and the underlying reverse proxy logs, and the provider of authentication (Microsoft Entra ID) for the investor portal.
  • Postmark (United States) - delivers contact-form submissions and investor-portal sign-in codes to us and to you by email.
  • Anthropic (United States) - receives only the free-text description from “Something else” enquiries, for one-off routing as described above.
  • Google (United States) - only if you opt in to the Maps embed, in which case the Maps iframe communicates directly with Google from your browser. We do not pass any data to Google ourselves.

We do not sell, rent, or trade your personal data, and we do not use it for advertising or profiling.

International transfers

Hosting and reverse-proxy logging are kept within the United Kingdom. Contact-form delivery (Postmark), enquiry routing (Anthropic) and the optional Google Maps embed involve transfers to the United States; we rely on appropriate safeguards under Article 46 UK GDPR (the UK-US Data Bridge or the ICO’s International Data Transfer Agreement / Addendum, depending on the processor’s certification status).

Security

The site is served over HTTPS only. Our server is hardened, kept up to date, and monitored. Administrative access is restricted to authorised Haverstock staff and gated by Microsoft Entra ID single sign-on with multi-factor authentication.

Retention

Reverse-proxy logs are retained for up to 30 days. The consent record on your device persists until you clear your browser storage or change your choice. We retain no other personal data through this site.

Your rights

Under the UK GDPR you have the right to access, rectify, erase, restrict or object to our processing of your personal data, and the right to data portability. To exercise any of these rights, email ir@haverstockcapital.co.uk - we will respond within one month.

If you are unhappy with how we handle your data you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

Regulatory status

Haverstock Capital LLP is authorised and regulated by the Financial Conduct Authority. This website is intended for institutional investors only and does not constitute an offer or solicitation to invest.

Changes to this notice

We will update the “Last updated” date above whenever material changes are made. Please check this page periodically.